The present invention relates generally to the field of software-defined environments (SDE), and more particularly to security in an SDE.
Enterprises are increasingly aggressive in moving mission-critical and performance-sensitive applications to heavily virtualized environments on shared infrastructure and cloud. Mobile, social, and analytics applications are oftentimes directly developed and operated on shared infrastructure and cloud. Current virtualization and cloud solutions allow only basic abstraction of the computing, storage, and network resources in terms of their capacity. This approach often calls for standardization of the underlying system architecture to simplify the abstraction of these resources. Further, the workload-optimized system approach relies on tight integration of the workload (including compiler) to the underlying system architecture. This approach allows direct leverage of the special capabilities offered by each micro-architecture and by the system level capabilities, at the expense of required labor-intensive optimization.
In a software-defined environment (SDE), many virtual “systems” may be created within the same physical system and/or multiple physical systems may be virtualized into a single virtual system. There are no permanent associations (or bindings) between the logical resources and physical resources, as software-defined “systems” can be continuously created from scratch, continuously evolved, and destroyed at the end.
A framework, referred to herein as the “Pfister framework,” has been used to describe workload characteristics of a given application. The Pfister framework considers “thread contention” versus “data contention.” With that in mind, four workload categories are defined: (i) mixed workload updating shared data or queues (such as enterprise software, also known as application and integration middleware); (ii) highly threaded applications; (iii) parallel data structures with analytics (such as frameworks for storage and large-scale processing of data sets on cluster computing environments); and (iv) small discrete applications.